Technological progress has led to a higher incidence of cyberattacks. The big technology cycles of today: e-commerce, mobile payments, cloud computing, Big Data, IoT, AI, and social media, all increase the cyber risk for users and businesses. But what is cybersecurity in business and what are its trends?
The nature of the threats is becoming more diverse. The list includes advanced persistent threats (APTs), distributed denial-of-service (DDoS), viruses, worms, malware, ransomware, spyware, botnets, spam, spoofing, phishing, hacktivism and potential state-sanctioned cyberwarfare.
Cybersecurity is difficult to achieve precisely because the types of cybercrime differ, the motivations behind them differ, the assets targeted differ, and the remedies differ. Whereas most types of criminal activity have a single target, money, and a single motive, to get rich, cybercrime is different. It has many motives, comes in many forms, and can be committed by a host of different types of attackers, known as threat actors.
Motives can range from extortion to theft to industrial espionage to revenge or simply attention-seeking. Cybercrimes can be committed by a vast range of potential suspects, from organized crime syndicates to hackers to disgruntled employees to terrorists to nation-states, and they can target a wide array of assets, from personal information on laptops to corporate IT infrastructure to commercial secrets to physical infrastructure to social media accounts. Add to that the technology dimension: for each new technological cycle, such as the IoT or AI, there are associated new cyber threats.
Criminals are attracted to cybercrime because of its low-risk, high-reward nature. Prosecution rates for cybercrime are among the lowest of all major crimes. A major reason is that crimes are normally prosecuted in the jurisdiction in which they are committed, yet most attackers deliberately target corporations from overseas. Because of the multi-jurisdictional nature of the problem, law enforcement agencies are struggling to keep pace with the growing threat of cyberattacks.
Why does cybersecurity matter for business?
Traditionally, most companies have adopted a prevention-based approach to cybersecurity, but advances in areas such as machine learning are enabling a move towards active detection of threats. Earlier detection lets defenders act while an intrusion is still in progress, before it becomes a full-blown breach, and frees up resources currently occupied with chasing false positives from existing, more reactive systems. Spending on artificial intelligence (AI)-infused cybersecurity tools is expected to increase significantly over the coming years.
Another growth area will be unified threat management (UTM), which can tackle diverse threats and also address the issues faced by companies that find themselves with myriad security products from a wide variety of vendors, resulting in a security landscape that lacks coherence.
In today’s digital economy, it is essential that companies of every stripe can collect, store and adequately protect customer data and proprietary secrets. Failure to do so significantly damages a company’s brand and customers’ trust in its products, with concomitant impact on revenues and profitability.
Cybersecurity has, therefore, become a critical business function, yet it remains a non-core competence for a significant number of boards. Chief information security officers (CISOs) have become increasingly common in recent years; recent research suggests that nearly two-thirds of large US companies now have a CISO position, but the majority do not report directly to the CEO, which reduces their effectiveness.
The frequency of cyberattacks is only likely to accelerate over the coming years, therefore it is vital that senior executives have a full understanding of the inherent risks and implications.
What are the big themes around cybersecurity?
Deep learning in cybersecurity
Deep learning is a branch of machine learning, the AI technique that lets systems learn patterns from data rather than from hand-written rules, predicting outcomes and adjusting as those predictions succeed or fail. Deep learning systems are built using artificial neural networks, loosely modelled on the way neurons in the human brain signal each other. A properly trained network can therefore separate signal from noise, for example distinguishing a genuinely anomalous event from routine background activity.
There are a number of reasons why AI and deep learning are beginning to make their way into the cybersecurity industry. These include a shortage of cyber engineering specialists, too many cybersecurity vendors, too many false positives, and a growing army of hackers who are often better equipped, better funded, and clever enough to exploit an ever-expanding attack surface.
Take the example of advanced persistent denial-of-service (APDoS) attacks, in which attackers use automated bots to generate large volumes of attack traffic quickly and sustain it over a long period. Unlike a traditional DoS attack, whose purpose is simply to take a website offline, an APDoS attack is often a smokescreen: while the IT department’s attention is absorbed in fighting off the flood, the attacker launches multi-vector attacks against the true target, such as the exfiltration of confidential design blueprints, that go unnoticed.
Attackers have the element of surprise, and intrusions often go unnoticed for months or even years. Machine learning offers ways for an organization to parse real-time information from across its network, uncovering potential threats before they do damage. It may also reveal the areas where the network is most vulnerable. AI could help security professionals spend more time focusing on real threats and taking the right actions to remediate them.
There is an ongoing move away from a prevention-based approach to cyberattacks and towards active detection of threat actors using intelligence-led tools. Chief information security officers and security executives are increasing investment in detection and response-based offerings such as deception technology, software-defined segmentation and behaviour analytics. This increased emphasis on detection and response can free up resources currently occupied with chasing false positives.
Unified threat management (UTM)
Corporate expenditure on cybersecurity has typically been slapdash. Companies buy from multiple vendors, some large enterprises from as many as 100, and those vendors have sold a patchwork of security products without considering how well they work together. The result has been a lack of strategic direction within many companies’ IT departments. UTM systems aim to address this problem by combining multiple security functions, such as network firewalling, intrusion detection and prevention, antivirus, anti-spam, content filtering and data leak prevention, into a single security system, in the process reducing incident response times and enhancing overall threat detection rates. The trade-off is concentration: a single appliance becomes a single point of failure and a single target, so its own patching and high availability matter more than they did for any one point product. The core market for UTM vendors has been small and medium-sized enterprises (SMEs), but they are increasingly targeting large businesses with products capable of handling the required complexity.
Managed security services
Few organizations have the skillsets required to build cybersecurity defences themselves or even make effective use of cybersecurity technology. This presents an opportunity for managed security services providers, as they have the ability to manage an organisation’s cloud applications, ensure compliance with data protection regulations, as well as managing other cybersecurity risks.
Cybersecurity is moving away from the purchase of one-off software products for a single device, such as antivirus tools for laptops, to a security-as-a-service approach, where multiple products across a range of devices are managed from the cloud. The advantages of security-as-a-service are clear: it enables companies to respond effectively to a threat environment that is constantly changing, it uses a subscription pricing model that is more flexible and transparent and it ensures corporate security systems remain up-to-date without the need to manually replace equipment or download and apply the latest security patches.
A large share of security breaches originate inside the organization, whether through malicious intent or negligence, so behavioural analytics are critically important as a defence. The approach builds a profile of each user’s normal activity, including the systems and websites they access, the hours they work and the volume of data they move, and looks for deviations from that norm or from acceptable-use policy. The leaders in AI-enabled security services are best placed to exploit this trend.
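As an added illustration of the deviation-from-baseline approach described above (example code written for this page, not a GlobalData or vendor product), the following Python builds a per-user profile from a week of routine events and scores new events against it. The log format, user names, destinations and the three-standard-deviation threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed baseline: a week of routine activity for two users (not real data).
# Fields: ISO timestamp, user, action, destination, bytes transferred.
BASELINE_LOG = """\
2024-03-04T09:12:03 alice login vpn 0
2024-03-04T09:15:41 alice download fileshare 120000
2024-03-05T09:02:10 alice login vpn 0
2024-03-05T09:40:22 alice download fileshare 95000
2024-03-06T08:58:30 alice login vpn 0
2024-03-06T10:05:12 alice download fileshare 150000
2024-03-07T09:20:45 alice login vpn 0
2024-03-07T09:33:09 alice download fileshare 110000
2024-03-08T09:05:00 alice login vpn 0
2024-03-08T09:50:18 alice download fileshare 125000
2024-03-04T13:01:11 bob login vpn 0
2024-03-04T13:10:47 bob download crm 20000
2024-03-05T13:15:02 bob login vpn 0
2024-03-05T13:22:39 bob download crm 25000
2024-03-06T12:55:58 bob login vpn 0
2024-03-06T13:30:14 bob download crm 18000
"""

# Constructed events to score: one routine, two suspicious, one from an unknown user.
NEW_EVENTS = """\
2024-03-11T09:20:00 alice download fileshare 130000
2024-03-11T02:47:00 alice download fileshare 48000000
2024-03-11T13:05:00 bob download hr-payroll 900000
2024-03-11T14:00:00 carol login vpn 0
"""

Z_THRESHOLD = 3.0  # flag values more than three baseline standard deviations out


def parse(log_text):
    """Turn whitespace-separated log lines into event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, dest, nbytes = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "action": action, "dest": dest, "bytes": int(nbytes),
                       "raw": line})
    return events


def build_profiles(events):
    """Per-user baseline: hours active, destinations used, bytes per transfer."""
    profiles = defaultdict(lambda: {"hours": [], "dests": set(), "bytes": []})
    for ev in events:
        p = profiles[ev["user"]]
        p["hours"].append(ev["time"].hour)
        p["dests"].add(ev["dest"])
        if ev["bytes"] > 0:
            p["bytes"].append(ev["bytes"])
    return dict(profiles)


def zscore(value, history, min_std):
    """Standard score with a floor on the spread, so a user whose history is
    perfectly regular does not trigger an alert on every trivial deviation."""
    std = max(pstdev(history), min_std)
    return (value - mean(history)) / std


def score_event(ev, profile):
    """Return the reasons an event deviates from the user's baseline ([] if none)."""
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    if ev["dest"] not in profile["dests"]:
        reasons.append(f"new destination {ev['dest']}")
    if abs(zscore(ev["time"].hour, profile["hours"], min_std=1.0)) > Z_THRESHOLD:
        reasons.append(f"off-hours activity at {ev['time'].hour:02d}:00")
    if ev["bytes"] > 0 and profile["bytes"]:
        floor = max(0.1 * mean(profile["bytes"]), 1.0)  # tolerate +/-10% jitter
        # One-sided: only unusually large transfers matter for exfiltration.
        if zscore(ev["bytes"], profile["bytes"], min_std=floor) > Z_THRESHOLD:
            reasons.append(f"unusual transfer volume {ev['bytes']} bytes")
    return reasons


def detect(baseline_text, new_text):
    """Build profiles from the baseline log and score each new event against them."""
    profiles = build_profiles(parse(baseline_text))
    return [{"raw": ev["raw"], "user": ev["user"],
             "reasons": score_event(ev, profiles.get(ev["user"]))}
            for ev in parse(new_text)]


if __name__ == "__main__":
    for r in detect(BASELINE_LOG, NEW_EVENTS):
        print("ALERT" if r["reasons"] else "ok   ", r["raw"], "; ".join(r["reasons"]))
```

Run stand-alone, the script passes alice's routine 09:20 download, flags her 02:47 transfer of 48 MB on both the hour and the volume, flags bob's first-ever access to hr-payroll with an out-of-profile volume, and flags carol because no baseline exists for her. Two caveats apply in practice: the baseline should be a rolling window rather than a fixed week, and a patient insider can poison their own profile by ramping up slowly, which is why a per-user baseline is normally combined with peer-group comparisons.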
Financial services firms and smartphone makers are already using biometrics, fingerprints or facial recognition, to verify a user’s identity. The security afforded by traditional passwords is inadequate for online transactions, and they are overdue for replacement. In practice the biometric is checked locally on the device and unlocks a device-bound cryptographic key; the fingerprint or face template itself should never be sent to the service, because unlike a password it cannot be changed once leaked. Facial recognition and fingerprint technology companies will be major beneficiaries of this trend.
Large corporations are building private and hybrid clouds while SMEs are spending significant sums on public cloud services. Both activities could open businesses up to a higher risk of cyberattack and, as a result, increase the demand for cloud security and web application security services.
Android handsets have long been susceptible to serious security breaches, not because the operating system is open source but because its main developer, Google, does not control the software update process for most of the world’s Android smartphones. When a vulnerability is disclosed, Google’s ability to get a patch onto devices quickly is limited, as it is up to the device manufacturers or telecom operators to decide when and how updates are released. Google has taken a major step towards fixing this issue with its own range of devices and, in time, it is likely that Google will make Android proprietary, much like Apple and iOS. That might not be for years, however, so hundreds of millions of Android smartphones will remain vulnerable to attack for the foreseeable future.
Online fraud has risen on the back of technology cycles such as peer-to-peer lending, mobile banking, e-commerce and the Internet of Things. Social media encourages the (often reckless) dissemination of personal information on the web, helping to facilitate identity theft. Moreover, hackers have access to low-cost tools and methodologies and a minimal threat of capture. As more personal data is gathered by internet companies, specialist data resellers create Big Data algorithms that slice and dice this information for resale.
Bug bounty programs
In 2016, Apple joined most other major tech companies in instituting a bug bounty program, whereby it pays cybersecurity professionals and hackers for finding and reporting vulnerabilities in its software. As IoT takes off, more and more non-tech companies are likely to become vulnerable to hacking, so the volume and scale of bug bounty programs will rise accordingly. The cash-rich tech giants are able to pay bigger bounties, allowing them to discover and patch holes in their software more quickly than smaller rivals.
What is the history of cybersecurity?
The cybersecurity story: how did cybersecurity get here and where is it going?
- 1971: “Creeper,” often described as the first computer virus and more precisely the first self-replicating program, was purposely designed and released on ARPANET. It copied itself to remote systems, displaying the words: “I am the Creeper: Catch me if you can.”
- 1982: The first large-scale computer virus outbreak was caused by “Elk Cloner,” a virus developed by a 15-year-old high school student as a practical joke. Elk Cloner was spread by floppy disks and affected the Apple II operating system.
- 1986: The first Computer Fraud and Abuse Act was passed, defining Federal computer-related crimes and associated penalties.
- 1988: Cornell graduate student Robert Morris created and released the Morris worm, the first worm to spread across the internet. It was an aggressive, self-propagating program that crippled an estimated 10% of the roughly 60,000 computers then connected to the ARPANET, which by 1990 had given way to the internet.
- 1999-2000: The Melissa (1999) and ILOVEYOU (2000) mass-mailing worms infected tens of millions of PCs across the world, causing email systems to fail.
- 2000: The Council of Europe drafted a Cybercrime Treaty to promote the international harmonization of laws against computer crimes.
- 2002: A DDoS attack struck all 13 DNS root name servers, knocking out all but five. It was the first attempt to disable the internet’s core infrastructure itself rather than individual hosts or networks.
- 2008: An employee at the US Central Command put a “candy drop” flash drive he found in the HQ car park into his laptop and exposed data on classified and unclassified systems.
- 2008: The National Cybersecurity Division of the US Department of Homeland Security released the Common Attack Pattern Enumeration and Classification resource, a publicly accessible taxonomy of attack patterns.
- 2008: National Security Presidential Directive 54/Homeland Security Presidential Directive 23 formalized the Comprehensive National Cyber-Security Initiative, intended to establish a frontline defence against a full
- 2012: General Keith Alexander, the US’s cybersecurity chief, said the loss of industrial information and intellectual property through cyber espionage constituted the “greatest transfer of wealth in history,” referring to Chinese state-sponsored hackers.
- 2013: US retailer Target suffered a data breach in which the payment card data of 40 million customers was compromised. Access was gained using network credentials stolen from a third-party heating and air-conditioning contractor and was exacerbated by Target’s weak internal network segmentation, which allowed the attackers to move from vendor-facing systems to the point-of-sale environment.
- 2014: Serious data breaches were suffered by Sony Pictures and JP Morgan, and Apple’s iCloud users in China were targeted by a man-in-the-middle attack.
- 2015: Serious data breaches were suffered by the US Office of Personnel Management, TalkTalk, and Ashley Madison.
- 2015: US officials announced that Russian hackers gained access to White House and State Department emails in 2014.
- 2015: The US EMV liability shift for chip card acceptance at the point of sale (POS) took effect, prompting many warnings to e-commerce merchants that fraudsters would step up their attacks against card-not-present transactions.
- 2015: The major card networks continued their push of tokenization for securing mobile and online transactions, including efforts to embed the technology in their own payment products, such as Mastercard’s Masterpass.
- 2016: Yahoo revealed a 2014 breach of 500 million users’ personal details, at the time the largest such breach in history.
- 2016: The EU NIS Directive came into force.
- 2017: The WannaCry ransomware attack, which targeted computers running the Microsoft Windows operating system, affected more than 200,000 computers across 150 countries. It spread through a Windows SMB vulnerability for which Microsoft had already released a patch two months earlier, so unpatched systems bore the brunt.
- 2018: Researchers disclosed the Meltdown and Spectre vulnerabilities in modern processors from Intel and other vendors. Both exploit speculative execution to let unprivileged code read memory it should not be able to access, including kernel memory and data belonging to other processes.
- 2018: The deadline passed for EU member states to transpose the NIS Directive into national law.
- 2018: GDPR came into force across EU countries.
- 2021: The worldwide cybersecurity market is expected to reach $140bn.
This article was produced in association with GlobalData Thematic research.